This invention relates generally to authentication, and more particularly, to methods and systems for authenticating users.
Users conduct transactions with many different service providers in person and remotely over the Internet. Network-based transactions conducted over the Internet may involve purchasing items from a merchant web site or accessing confidential information from a web site. Service providers that own and/or operate such websites typically require users to be successfully authenticated before being allowed to conduct a transaction on the website.
During remotely conducted network-based authentication transactions, users may provide a claim of identity and captured biometric data. The biometric data is typically captured as a single image, or picture, which is communicated to an authentication system. The authentication system conducts a matching transaction based on the single image. However, imposters have been known to impersonate users during authentication transactions by providing a false claim of identity supported by fraudulent biometric data in an effort to deceive an authenticating entity into concluding that the imposter is the person he or she claims to be. Such impersonations are known as spoofing or spoof attacks.
Impostors currently use many methods to obtain or create fraudulent biometric data that can be submitted during authentication transactions. For facial biometric data, imposters have been known to obtain two-dimensional pictures of others, from social networking sites, and to present the obtained pictures to a camera during authentication to support a false claim of identity. Moreover, imposters have been known to eavesdrop on networks during legitimate network-based authentication transactions to surreptitiously obtain genuine biometric data of users, and use the obtained biometric data for playback during fraudulent authentication transactions. Such fraudulent biometric data are known to be difficult to detect using known live-ness detection techniques. Consequently, generating trustworthy network-based authentication transaction results with biometric data captured from a user at a remote location depends on verifying the physical presence of the user during the authentication transaction as well as accurately verifying the identity of the user based on the captured biometric data. Verifying that biometric data presented during a network-based biometric authentication transaction conducted at a remote location is from a live user at the remote location is known as live-ness detection or anti-spoofing.